fkie_nvd - fkie_cve-2024-36353

FKIE_CVE-2024-36353

Vulnerability from fkie_nvd - Published: 2025-03-02 18:15 - Updated: 2025-09-25 20:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

References

	URL	Tags
	psirt@amd.com	https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
    },
    {
      "lang": "es",
      "value": "Una depuraci\u00f3n insuficiente de la memoria global de la GPU podr\u00eda permitir que un proceso malicioso que se ejecuta en la misma GPU lea valores de memoria restantes, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad."
    }
  ],
  "id": "CVE-2024-36353",
  "lastModified": "2025-09-25T20:15:33.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "psirt@amd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-02T18:15:34.033",
  "references": [
    {
      "source": "psirt@amd.com",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "psirt@amd.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-36353 (GCVE-0-2024-36353)

Vulnerability from cvelistv5 – Published: 2025-03-02 17:33 – Updated: 2025-10-14 17:36

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-459 - Incomplete Cleanup

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Unaffected: Radeon Software For Linux 25.10.1

AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7000 Series Desktop Processor	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 9000HX Series Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ AI Max 300 Series Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ Z2 Series Processors Extreme	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 4000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 8000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 9000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	Ryzen™ Embedded R1000	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded R2000	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded V2000	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded V3000	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Ryzen Embedded V2000A Series Processors	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Radeon™ RX 5000/PRO W5000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ RX6000/PRO W6000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ RX 7000/PRO W7000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ PRO V520	Unaffected: Contact your AMD Customer Engineering representative
AMD	AMD Radeon™ PRO V620	Unaffected: Contact your AMD Customer Engineering representative
AMD	AMD Radeon™ PRO V710	Unaffected: Contact your AMD Customer Engineering representative

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T15:49:49.731257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T15:50:05.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors Extreme",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen Embedded V2000A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 5000/PRO W5000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX6000/PRO W6000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 7000/PRO W7000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V520",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V620",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V710",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        }
      ],
      "datePublic": "2025-10-14T17:11:51.489Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\u003cbr\u003e"
            }
          ],
          "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459  Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T17:36:48.115Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36353",
    "datePublished": "2025-03-02T17:33:11.636Z",
    "dateReserved": "2024-05-23T19:44:50.000Z",
    "dateUpdated": "2025-10-14T17:36:48.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-36353

CVE-2024-36353 (GCVE-0-2024-36353)

Tags

Sightings

Nomenclature